Attackers routinely exploit vulnerabilities in computer systems to inject malicious code. For example, attackers can gain access to an internal network with the use of spyware or rootkits. Such software can be easily installed on computer systems from physical or digital media (e.g., email, downloads, etc.) and can provide these attackers with administrator or “root” access on a machine along with the capability of gathering sensitive data. In particular, attackers can snoop or eavesdrop on a computer or a network, download and exfiltrate data, steal assets and information, destroy critical assets and information, and/or modify information. Rootkits have the ability to conceal themselves and elude detection, especially when the rootkit is previously unknown, as is the case with zero-day attacks.
Embedded devices, such as routers, switches, voice over IP (VoIP) adapters, virtual private network (VPN) devices, and firewalls, exist in large numbers within global IT environments and critical communication infrastructures. In fact, these embedded devices constitute the majority of the network infrastructure that forms the Internet. Similarly, embedded devices can include special-purpose appliances, such as printers, wireless access points, Internet Protocol (IP) phones, and other similar appliances, that are now commonplace in the modern home and office. These devices are typically built with general-purpose, real-time embedded operating systems using stock components and are capable of interacting with general-purpose computers. It is often thought that the diverse and proprietary nature of embedded device hardware and firmware creates a deterrent against effective widespread exploitation of security vulnerabilities in these devices. In that regard, embedded device manufacturers for the most part passively rely on obscurity to resist hacking attempts and other security breaches.
Nevertheless, attackers have the capability to attack these embedded devices. A network of computers that has been infected with malicious code, where each infected computer can be controlled by an attacker, often without the knowledge of the infected computer's owner, is generally referred to as a botnet, and these networked embedded devices can be used in botnets. For example, networked embedded devices can be compromised using out-of-the-box default passwords and used in botnets, where, in many instances, embedded devices are the core communication components of a networked system. In addition, these attackers are likely to possess information about the firmware running on an embedded device, and thus may be equipped to devise corresponding rootkits and other malware.
In response to these threats, many computers are protected by antivirus software and/or firewalls. However, these preventative measures are not always adequate. In particular, traditional antivirus software does not work on embedded devices and, generally speaking, these embedded devices are not built with security in mind. Moreover, the code or firmware on these embedded devices is often proprietary and undisclosed to third parties. Accordingly, updating and modifying device firmware for different embedded devices is a difficult task.
Accordingly, there is a need for inhibiting attacks on embedded devices.